<% dim ModuleName,InfoID,ChannelShortName,CorrelativeArticle,InstallDir,ChannelDir,Keyword,PageTitle,ArticleIntro,Articlecontent Keyword=stripHTML("passed,variable") PageTitle=stripHTML("atomicboard 0.6.2 - Directory Traversal vulnerability") ArticleIntro=stripHTML("77169.com小编引言:atomicboard 0.6.2 - Directory Traversal vulnerability,漏洞的主要原因:") Articlecontent=stripHTML("source: http://www.securityfocus.com/bid/8236/info

It has been reported that at…") ModuleName = stripHTML("exploits") InfoID = stripHTML("170711") ChannelShortName=stripHTML("漏洞") InstallDir=stripHTML("http://www.77169.com/") ChannelDir=stripHTML("exploits") %> atomicboard 0.6.2 - Directory Traversal vulnerability - 华盟网 - http://www.77169.com
您现在的位置: 华盟网 >> 漏洞 >> 最新漏洞 >> 其它漏洞 >> 正文

atomicboard 0.6.2 - Directory Traversal vulnerability

2003/7/19 作者:不祥 来源: 互联网
导读 <% if len(ArticleIntro)<3 then Response.Write Articlecontent 'Response.Write "Articlecontent" else Response.Write ArticleIntro 'Response.Write "ArticleIntro" end if %>
source: http://www.securityfocus.com/bid/8236/info

It has been reported that attackers may be able to modify the 'location' variable passed to the index.php file to cause the Web server to return arbitrary files. This script is prone to a directory traversal vulnerability, allowing attackers to retrieve any file residing on the filesystem readable by the Web server user.

http://www.example.com/atomicboard/index.php?location=../../../../../../etc/passwd

http://www.example.com/AtomicBoard-0.6.2/index.php?location=anything